ZwReadFile in File System filter driver

Hi,

I’m working on a file system filter driver based on the Sfilter sample. In my IRP_MJ_READ dispatch routine I try to read data directly from a different volume with ZwReadFile. I allocate my own buffer for this read and after that I copy the data into the previously locked user buffer.

    NTSTATUS SNReadFile(PFILE_OBJECT FileObject,
                        PVOID Buffer,
                        ULONG Length,
                        PIO_STATUS_BLOCK ioStatus,
                        PLARGE_INTEGER ByteOffset)
    {

        //
        // Allocate Buffer
        //

        pReadBuffer = ExAllocatePoolWithTag( PagedPool, BufferSize, Tag);

        if (pReadBuffer==NULL) {
            KdPrint( ("SNFILTER: SNReadFile: MEMORY ALLOCATION ERROR!!!\n") );
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        //
        // Allocate the Mdl
        //

        pMdl = IoAllocateMdl( pSystemBuffer, BufferSize, FALSE, FALSE, NULL );

        if ( pMdl == NULL ) {
            KdPrint( ("SNFILTER: SNReadFile: MEMORY ALLOCATION ERROR!!! \n") );
            ExFreePool(pReadBuffer);
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        //
        // Lock the new Mdl
        //

        __try {

            MmProbeAndLockPages( pMdl, KernelMode, IoWriteAccess );

        } __except (EXCEPTION_EXECUTE_HANDLER) {

            KdPrint( ("SNFILTER: SNReadFile: Exception occurred!!! ExceptionCode = 0x%x\n", GetExceptionCode()) );

            IoFreeMdl( pMdl );
            ExFreePool( pReadBuffer);
            return STATUS_UNSUCCESSFUL;
        }

        pBuffer = MmGetSystemAddressForMdl( pMdl );

        if( !MmIsAddressValid(pBuffer) ) {

            KdPrint( ("SNFILTER: SNReadFile: Invalid address lpBuffer = 0x%x !!!\n", pBuffer) );
            MmUnlockPages( pMdl );
            IoFreeMdl( pMdl );
            ExFreePool( pReadBuffer);

            return STATUS_UNSUCCESSFUL;
        }

        //
        // Open volume with ZwCreateFile, estimate offsets…
        //

        //
        // Direct read
        //
        ntStatus = ZwReadFile( hVolume,
                               NULL,
                               NULL,
                               NULL,
                               ioStatus,
                               pBuffer,
                               BufferLength,
                               &Offset,
                               NULL );

Everything works fine if I allocate the read buffer from NonPagedPool, but if I allocate it from PagedPool, my system occasionally crashes under continuous read testing:

Break, Ignore, Terminate Process or Terminate Thread (bipt)? i
MM:***PAGE FAULT AT IRQL > 1 Va 0, IRQL 2

*** Fatal System Error: 0x0000000A (0x00000000,0x00000002,0x00000001,0x80161375)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

***************************************************************************
*                                                                         *
*                          Bugcheck Analysis                              *
*                                                                         *
***************************************************************************
Bugcheck code 0000000A
Arguments 00000000 00000002 00000001 80161375

ChildEBP RetAddr Args to Child
fe9e08a8 8012286c 00000003 00000000 80161375 ntoskrnl!RtlpBreakWithStatusInstruction
fe9e0a20 8017ca68 0000000a 00000000 00000002 ntoskrnl!KeBugCheckEx+0xf0
fe9e0a20 80161375 0000000a 00000000 00000002 ntoskrnl!KiTrap0E+0x2a4
fe9e0ac0 8016115e 000817ed 0000002d 00000000 ntoskrnl!MiRemovePageByColor+0x5b
fe9e0ae0 8014837e c0384fa8 c0384fa8 00000000 ntoskrnl!MiRemoveAnyPage+0x19b
fe9e0af8 80147af5 e13ea000 c0384fa8 00000000 ntoskrnl!MiResolveDemandZeroFault+0x182
fe9e0b48 8015ba5b 00000000 e13ea000 c0384fa8 ntoskrnl!MiDispatchFault+0x1b7
fe9e0ba0 8013282f 00000000 e13ea000 00000000 ntoskrnl!MmAccessFault+0x5fd
fe9e0c34 8029ad97 811eba88 00000000 00000001 ntoskrnl!MmProbeAndLockPages+0x1fc
fe9e0d58 802a0f4d 814ba828 fe9e0d8c 01528000 SNfilter!SNReadFile+0x2fb [.\read.c @ 188]

Does anyone know what is wrong?

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Hi,

As you can read in the DDK help:

“Callers of ZwReadFile must be running at IRQL PASSIVE_LEVEL.”

Break, Ignore, Terminate Process or Terminate Thread (bipt)? i
MM:***PAGE FAULT AT IRQL > 1 Va 0, IRQL 2

The IRQL is DISPATCH_LEVEL.

You must generate your own IRP.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@atia.com
Sent: Friday, 23 February 2001 9:49
To: File Systems Developers
Subject: [ntfsd] ZwReadFile in File System filter driver

Hi,

I’m working on a file system filter driver based on the Sfilter sample. In my
IRP_MJ_READ dispatch routine I try to read data directly from a different
volume with ZwReadFile. I allocate my own buffer for this read and after
that I copy the data into the previously locked user buffer.

Does anyone know what is wrong?


Thanks Abel,

but I call ZwReadFile from my paged IRP_MJ_READ dispatch routine, and I
suppose that IRQL = PASSIVE_LEVEL.

MM:***PAGE FAULT AT IRQL > 1 Va 0, IRQL 2
*** Fatal System Error: 0x0000000A (0x00000000,0x00000002,0x00000001,0x80161375)

The address that was referenced improperly is 0x00000000 ?!

As I read in Nagar’s book, when a page fault occurs the VMM calls
MmAccessFault() and it checks

  1. if current IRQL > APC_LEVEL
  2. if the page is not valid

If either of these two conditions is true, the VMM will bugcheck the system…
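
An added example, not part of any post in this thread: a small user-mode C triage helper that decodes the bug check 0xA line quoted above and matches its fourth argument against the stack listing to name the code that made the faulting reference. The sample lines are a subset of the debugger output from the first post; the struct and function names are illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Bug check 0xA (IRQL_NOT_LESS_OR_EQUAL): code, then arg1 = address referenced,
   arg2 = IRQL at that moment, arg3 bit 0 set = write, arg4 = referencing instruction. */
struct bugcheck_a { unsigned long code, address, irql, access, ip; };

/* Constructed sample: a subset of the debugger lines quoted in this thread. */
static const char *SAMPLE_ERROR =
    "*** Fatal System Error: 0x0000000A (0x00000000,0x00000002,0x00000001,0x80161375)";
static const char *SAMPLE_STACK[] = {
    "fe9e0a20 80161375 0000000a 00000000 00000002 ntoskrnl!KiTrap0E+0x2a4",
    "fe9e0ac0 8016115e 000817ed 0000002d 00000000 ntoskrnl!MiRemovePageByColor+0x5b",
    "fe9e0c34 8029ad97 811eba88 00000000 00000001 ntoskrnl!MmProbeAndLockPages+0x1fc",
};
enum { SAMPLE_FRAMES = sizeof SAMPLE_STACK / sizeof SAMPLE_STACK[0] };

/* Parse the "Fatal System Error" line; 0 on success, -1 on malformed input. */
int parse_fatal_error(const char *line, struct bugcheck_a *b)
{
    const char *p = strstr(line, "Fatal System Error:");
    return p && sscanf(p, "Fatal System Error: %lx (%lx,%lx,%lx,%lx)", &b->code,
                       &b->address, &b->irql, &b->access, &b->ip) == 5 ? 0 : -1;
}

/* In "kb" output a frame's RetAddr lies in the function named on the NEXT line, so
   the line after the frame whose RetAddr equals arg4 names the faulting code. */
int faulting_symbol(const char *const *st, size_t n, unsigned long ip, char *sym, size_t len)
{
    for (size_t i = 0; i + 1 < n; i++) {
        unsigned long ebp, ret;
        const char *name = strrchr(st[i + 1], ' ');
        if (name && sscanf(st[i], "%lx %lx", &ebp, &ret) == 2 && ret == ip) {
            snprintf(sym, len, "%s", name + 1);
            return 0;   /* symbol copied into sym */
        }
    }
    return -1;          /* no listed frame returns to ip */
}

int main(void)
{
    struct bugcheck_a b;
    char sym[64];
    if (parse_fatal_error(SAMPLE_ERROR, &b) ||
        faulting_symbol(SAMPLE_STACK, SAMPLE_FRAMES, b.ip, sym, sizeof sym))
        return 1;
    printf("%s of 0x%08lx at IRQL %lu from %s\n", b.access & 1 ? "write" : "read", b.address, b.irql, sym);
    return 0;
}
```

On the quoted dump this reports a write to address 0 at IRQL 2 from `ntoskrnl!MiRemovePageByColor+0x5b`, a frame reached through `MmProbeAndLockPages`.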



Hi All,

I’d like to redirect a USB device output from an embedded board (running CE
3.0) to a regular PC on the same network. To do this I intend to create a USB
bus filter driver on the PC that will pass all USB packets (URBs) and will
receive additional info from a user-level application. This application
will receive TCP/IP packets (data from a remote device) and pass them to my
filter driver (as IRPs). Then I need a way to pretend that those IRPs have come
from the local USB bus driver. I can’t figure out how.
So my question is: how can I pass IRPs upstairs to the higher-level drivers
(pretending they came from downstairs)?

Regards,
Stas Desyatnikov,
Powernet.

